From a local report:
Democratic Rep. Joshua Peters of St. Louis says the bill he introduced Wednesday requires customers to show a state driver’s license or other identification when they use a mobile wallet app or other electronic payment system.
Not only would clerks be required to verify the identity of the individual making the purchase, they would also have to write down the ID number and keep it on record. Otherwise, the store could be held liable for any fraudulent purchases.
The legislator says that the intention is to make sure that no fraudulent purchases are made using a stolen device, though that’s already quite difficult to actually pull off thanks to safeguards like Touch ID. In fact, it’s a whole lot easier to doctor up a fake driver’s license than a fake thumbprint.
While it’s nice that Rep. Peters is trying to be thorough in preventing fraud, this seems like a serious case of overkill. Hopefully the rest of the Missouri legislature will bother to figure out how mobile payment systems work before they start trying to tell people how to use them.
FTC: We use income earning auto affiliate links. More.
What would the ID prove? How would you know what card is being charged? I don’t think they know how Apple Pay works.
What would they be recording if Apple Pay stays as is? Right now all that is on the actual iPhone screen is a Picture of a card without a Name nor a number, just the last 4 digits of the account. Can’t Tim send over their Lawyer squad and find some misconduct being committed that will be much more interesting for the legislature to waste their time on. Where’s the representative with a half mil of cash in the freezer when you need him?
Wow. Way to not understand what you’re trying to regulate. I’m shocked some kind soul didn’t take him aside and gently explain how fingerprint sensors work before he embarrassed himself like this. I’m sure he’ll “get some feedback” about it now, of course.
I was going to say that at least it was a good intent, but the provision that stores keep customer ID information (and take the time to collect and write down all that) is flat-out nutty, and makes me think Rep. Peters has not only a great ignorance of how Apple Pay works, but a screw loose as well.
Fingerprints are easier to fake then signatures. If you have a fingerprint it can be duplicated and used easily. The MO rep lacks a lot of basic info but so do you.
Though a finger print can be hacked…I don’t know If I would go so far as to say it’s easier than forging a signature. Not quite.
Uhh…no it isn’t. Duplicating a fingerprint involves more knowledge than most thieves have. For all intents and purposes, Apple Pay is unhackable.
Speaking of lacking basic information, your fingerprint is not the only thing Touch ID uses to unlock your phone.
Uhh…yes it is. Touch ID only authenticates against your stored fingerprint that is linked to your iPhone. That basic information you speak of, you seem to be lacking in it.
Ok, hold on! What you are saying is that someone who [a] steals someone’s fingerprint somehow or cuts off their finger, [b] tapes the fingerprint on their finger or uses their severed finger for Apple Pay and [c] manages to do this without the cashier noticing the glued tape or severed finger, is easier than forging a signature? And if that someone would go to all this trouble, couldn’t he also make a fake ID card (if this silly legislation actually passed)? Just saying…
No they are not, you are wrong. No one in a store checks a signature for accuracy and my signature changes every time I sign, it’s a mess, no one cares. Signatures are meaningless and anyone can sign my signature. Copying a fingerprint is extremely difficult. You can’t do what those hackers did because they lifted a single perfect print. The Touch ID glass won’t have a single perfect print, but rather a mosh mash of print upon print since no one will touch the button exactly the same way to the 10th of a millimeter but will be slightly different every time. You can’t hack a Touch ID fingerprint in real life, it’s a mess on the glass if you look closely. They were only able to do it in a fake lab situation where they apply a single perfect print to a completely clean Touch ID sensor.
Considering I haven’t been carded when using a credit card at checkout in, over a decade. I suspect even if it was a law, no one will follow it anyways, considering it is the law to card someone using a credit card (or at very least store policy 99% of cashiers ignore).
I don’t know if it is law in some areas but most credit card companies, if not all, do not require the user to show ID to make purchases. It might be necessary if you were to ship an item or perform a credit check but credit card companies are very clear that only a signature on the back of a credit card is required as authorization for charges in most cases.
As a matter of a fact, merchants that require an ID for credit card transactions might actually be in violation of their merchant agreement with the financial network they are in partnership with (Visa, MasterCard, American Express or Discover)
Not sure if it is still in effect, but for many years, the agreement between the stores and the credit card companies was that customers could NOT be asked for ID. Yes, I thought it was a massively stupid idea, too. I always wrote “See I.D.” instead of my signature, so they would verify it was me using the card, until I found out if you don’t sign it, they’re supposed to cut up the card. Never have figured out their thinking.
The signature on the card also represents that you have accepted the terms and conditions of the card and will make good on the debt incurred.
There’s not a legal requirement in any state that I know of to request ID from someone using a credit card. In fact, the credit card merchant agreements prohibit merchants from making it a condition of use.
It’s not negligence on the store clerk’s part. Every card issuer forbids merchants from asking for ID to verify cards. It’s in the merchant agreements. A customer complaint to the card issuer can have that merchant status revoked (I’m guessing it takes a few complaints). You can search for the merchant agreements online to verify what I’ve just said, I’ve read VISA and MC’s in the past few months when someone else posted links to them.
Representative Peters … I totally agree with you. But would I also suggest that you also require customers provide another form of ID to prove they are the owner of the first ID. And then one more thing … the law should require that you get a notarized letter to prove the second ID is valid as well. That way there is no question about the persons identity. What a great idea. Go for it.
What a breathtakingly stupid idea.
If it were just for apple pay I think it would be overkill. But it sounds like mobile wallets in general. In that case it probably is a good idea. Sucks for us apple pay users though.
“Electronic payments” is too vague. It could potentially refer to Starbucks cards as well or a rewards card used to purchase items by redeeming points. That sounds abusive. And what if my rewards card doesn’t have my name on it but just the member ID number?
Yea very good point
Still not a good idea. It’s not the law to provide identification with a credit card. Stores may require it, but it isn’t mandated by law. The whole premise of trying to protect businesses is ridiculous. Businesses sign deals with credit card companies (and apple) in order to deal with risk and fraud from the outset. Businesses that are concerned with chargebacks usually take extra measures to ensure cards are being used in a way that protects them from being accused of accepting payment from an unauthorized user. Usually a signature is enough to keep Visa or Amex from charging them for the fraud.
No store can require you show ID for a credit card purchase at all – not ever. They will face penalties and risk losing their merchant status if they do. It’s absolutely forbidden for stores to ask for ID by every merchant agreement, VISA, MC, etc.
@Bruno do you have a source for this claim?
No, still not a good idea at all. For one, there’s nothing to check the ID against when paying with Apple Pay. This guy simply doesn’t understand how Apple Pay and Google Wallet work.
Mr Beasley leads off with his own (I assume) quote:
“Determined to stymie the inevitable flood of fraudulent transactions using Apple Pay…”
??????
I’m not sure of the (reliable) logic and source that forecasts Apple Pay should expect a ” flood of fraudulent” transactions. Has the token system, Touch ID, already been compromised?
I interpreted it as in that many people who commit credit card theft will inevitably try to also use Apple Pay to their advantage since it does not require signature nor ID and does not need the actual card present. Although, for you to abuse Apple Pay, you would have to had already stolen the individual’s identity in order to verify the card on their device after adding the card to passbook. Just how iCloud was “compromised” and nudes leaked.
Do you typically comment on articles you haven’t read? Or, after reading the article did you still not catch the sarcasm?
The technical term for the technique being implied in that opening sentence is “sarcasm.” Some people may refer to it using a more general label, such as “humor” or a “joke.”
Anyone had a look to see if this guy has any (paid) connections with rival payment providers ?
That was going to be my suggestion. Odds are extremely high this guy takes regular donations from Walmart and/or other members of the CurrentC consortium. Would be worth some follow up research, Mike.
Wait what? So I can pay in shop with 10,000$ cash and nobody bats an eye, but if I purchase a 5$ coffee with Apple Pay then suddenly it’s a problem? Maybe I should show ID when paying with cash so “they” know I haven’t stolen that?
Well, Missouri is known as the “Show Me” state . . . .
But this is an absurd idea. You have to scan your fingerprint to activate the pay feature on the ApplePay system and despite the “Shocking Headlines” over the past year about cloning a fingerprint and using them to fool the Apple fingerprint scanner – to go through all that to get a sixer of beer or Big Mac – pretty unlikely! /s
It’s not like you can buy a Car or House on a Credit Card. And the Credit Card company is liable for everything over the first $50.00. When BOA and American Express are happy with Apple’s new system – that’s speaking volumes about their internal security systems being satisfied.
Please send your concerns to this legislator at: Joshua.peters@house.mo.gov.
“Dear Representative Peters:
I have an iPhone 6 and have used ApplePay many times at McDonalds, Subway, Walgreens, and Home Depot.
Use of ApplePay REQUIRES authentication from the iPhone owner’s recorded unique fingerprint ID scan. That is why all the nation’s major banks are rushing to embrace the technology because they realize it greatly reduces fraudulent use by matching the applicable iPhone with its owner/user. This fingerprint authentication has never effectively been thwarted to my knowledge.
Requiring further identification would only inconvenience shoppers and not add to any security enhancement.
Please take the time to learn about ApplePay (possibly from the IT/security staffs) of some of our local, ApplePay participating banks, and exclude applicable iPhones from this potential onerous requirement.
Respectfully,
Jared Porter”
I modified the. Text slightly and added the following paragraph:
As an attorney and IT professional what I find interesting is why you have been led to believe that fraudulent electronic payments has become a pressing issue that requires the heavy hand of legislation to properly address. I am not aware of any state government that has enacted similar legislation. As you seem to serve on a committee tasked with limiting the size of government, I am confused how this type of legislation furthers that admirable goal.
Saddest thing: Joshua Peters is 28. 28 not 60. I could get that a 60 year old might have difficulties understanding Apple Pay, but a 28 year old representative? Hell no
1. It’s against all credit card merchant agreements to ask for ID
2. The ID doesn’t prove anything because merchants have no way to verify it against the payment info provided by Apple Pay or any NFC or Chip+PIN device
3. Using a physical card is always less secure and far easier with regards to faking identity
4. It’s an absolute privacy violation as well as an additional security violation with merchants now having a record of more data that can be used for identity theft.
Not correct. Merchants are required to verify government issued ID in instances where the Card is either not signed, or when the signature at the time of purchase doesn’t match the card.
An unsigned card is considered invalid and should not be accepted . If a customer gives you an unsigned card, the following steps must be taken:
• Check the cardholder’s ID. Ask the cardholder for some form of official government identification, such as a driver’s license or passport . Where permissible by law, the ID serial number and expiration date should be written on the sales receipt before you complete the transaction .
• Ask the customer to sign the card. The card should be signed within your full view, and the signature checked against the customer’s signature on the ID . A refusal to sign means the card is still invalid and cannot be accepted . Ask the customer for a different signed Visa card .
• Compare the signature on the card to the signature on the ID.
http://usa.visa.com/download/merchants/card-acceptance-guidelines-for-visa-merchants.pdf
But they never do and that’s the issue. Upon swiping my credit card, I’d say at most 10% of the time it’s actually checked by the cashier. And signatures are meaningless, it’s so easy to fake one since mine is never even the same when I sign it. That’s why I write check ID on the back of my cards, but rarely does anyone ask. Touch ID is far more secure than all that.
These are all “what should happen” – but the reality is that my Mastercard has been unsigned since 2004. For Mastercard, they state that the card is not valid unless signed. If someone actually did their job and checked to see that my card was signed and forced me to sign it before allowing the transaction – that proper action would be so far outside the accepted cultural and societal norm that it would be offensive. I suppose a person could make a game of it if they were working box office at a movie theater. See how many Mastercards you can come across that require a signature and grandstand on each one.
In the case of an unsigned MC, the proper resolution (as you pointed out) is to provide ID and sign the card in front of the cashier.
That only happened to me once, in London, UK just as my last expiration date was approaching in 2011. The train ticket lady was being combative about my unsigned card and I offered to sign it. It took a good 3 minutes of convincing her that if I showed her my ID it would prove that it’s my card and another 2 minutes to convince her that if I signed the card, it would magically and instantaneously become valid. For a while there, she didn’t think I was allowed to sign my own card.
he may be as stupid as he seems. he is lobbying to make apple pay trickier and less convenient to use. thus serving its rivals who are obviously not happy.
Democrat. That says it all.
But they are usually smarter about technology than say Republicans, so I’m not getting your meaning.
Politician. It takes a certain type to just shrug off criticism and stick with the job. So – those who shrug off all common sense and information as well as think they know best for everyone else tend to fill the positions.
Never going to happen. You can’t even get the clerks to ask for ID using a credit card.
I think this issue involves much deeper philosophical and authority questions:
1. Where is more data – biometric fingerprint or a picture of face?
2. Who is more accurate – machine checking your fingerprint or biological machine (human) glancing at your photo?
3. Who is to be on the top – government issued piece of plastic or robust information systems with decades of development from best engineers in the world?
4. How do you prevent NFC relay attacks?
If you look how digital passports work in (EU) airports – it’s much more about scanning your face against your passport picture (and *videos* of your previous entries), than just strings from your passport. Then there is DNA, eye retinas, fingerprints, some other unique body features used in different countries.
So what purpose does a physical ID serves today when you have ubiquitous technology to easily scan your most your biometric data?
The problem here is that the political people that “represent” the general population are too old and don’t understand new tech.
This guy probably still uses paper checks for payments.
If you live in Missouri, contact your reps. This is either ignorance or religious nonsense.
Apparently he’s 28!
As i am in a country that doesn’t presently have Apple Pay, i cannot really comment on what is being suggested here… So i have a couple of questions…
If i add a card to my phone, and then i misplace, lose, have stolen, or someone just gains access to my card, what is to stop them adding the same card to there phone…???
If your card is added to a phone without your knowledge, are you protected by the card provider against fraud…???
If your card is added after YOU added it to YOUR phone do you get notified…???
I’m sure i can think of more, but just wondered how it works on those for now…
If you are covered on all of those, then there is no need, if you are not, then there may be some need for more integration to other security methods, but i definitely think this is a ridiculous waste of time and money, as the card providers can simply just pull out of the state, and then cash would be king, as would CRIME….!!!
When you add the card to your phone, it sends verification info to the bank issuer, it checks to make sure the persons name, phone number and address assigned to the phone is the one assigned to the card. If no it will not allow you to add the card
So it has already been verified by the bank then, which is why they will suffer the fraud IF it is possible for fraud to happen then, and why they are all so happy it is out there now… Why does anyone else need to be involved, it is very clear to me this is just a matter of interfering by elected officials trying to get there name out there clearly…!
Kevin, I hate to be a grammar nazi, but your sentences hurt my brain.
I think you are missing the point… That is, your card is stolen! The criminal can just use your card, why does the phone even matter at this point? If a person’s credit card is stolen somehow, the phone is irrelevant. You have to call your credit card company to cancel the card, nothing changes there. They don’t need to add it to their phone, they can just use the card as is and fake your signature which almost no cashier bothers to check anyway.
The only reason they want this is to be able to easily track who’s buying something from a particular store. It’s allot easier to pressure a local store owner to give up ID #’s of people who have bought there then get a court order for a credit card company. Next they will say you will need and ID to purchase with money
Do they just sit around and try to find the most idiotic laws they find to legislate. Who is this some 70 years old life long politician that can barely tie his shoe.
He is 28 years old.
Wow, then he’s either an idiot or a huge Android fanboy who wants to kill Apple Pay legislatively.
Someone needs to tell the Missouri state representative that people can make fake drivers licenses. Unless drivers licenses / other form of ID can be validated by merchants against the state DMV records or voter database, it’s useless to ask for ID.
” inevitable flood of fraudulent transactions” ? I’m confused here.
It’s what’s commonly referred to as a joke. The tone of the rest of the article should help give that away. :P
This rep is an idiot and has no business making laws around things he does not understand.
Furthermore, is he going to force all credit card swipe transactions to show photo ID? Is that already a law there? Because stealing a phone and faking a fingerprint is much harder than just stealing a credit card. So one can swipe a stolen credit card without question? Doesn’t this jackass know it’s the same issue, but at least with Apple Pay, they also need a fingerprint!
. . . . . . . . . . . . . . . . . . . ________
. . . . . .. . . . . . . . . . . ,.-‘”. . . . . . . . . .“~.,
. . . . . . . .. . . . . .,.-”. . . . . . . . . . . . . . . . . .“-.,
. . . . .. . . . . . ..,/. . . . . . . . . . . . . . . . . . . . . . . ”:,
. . . . . . . .. .,?. . . . . . . . . . . . . . . . . . . . . . . . . . .\,
. . . . . . . . . /. . . . . . . . . . . . . . . . . . . . . . . . . . . . ,}
. . . . . . . . ./. . . . . . . . . . . . . . . . . . . . . . . . . . ,:`^`.}
. . . . . . . ./. . . . . . . . . . . . . . . . . . . . . . . . . ,:”. . . ./
. . . . . . .?. . . __. . . . . . . . . . . . . . . . . . . . :`. . . ./
. . . . . . . /__.(. . .“~-,_. . . . . . . . . . . . . . ,:`. . . .. ./
. . . . . . /(_. . ”~,_. . . ..“~,_. . . . . . . . . .,:`. . . . _/
. . . .. .{.._$;_. . .”=,_. . . .“-,_. . . ,.-~-,}, .~”; /. .. .}
. . .. . .((. . .*~_. . . .”=-._. . .“;,,./`. . /” . . . ./. .. ../
. . . .. . .\`~,. . ..“~.,. . . . . . . . . ..`. . .}. . . . . . ../
. . . . . .(. ..`=-,,. . . .`. . . . . . . . . . . ..(. . . ;_,,-”
. . . . . ../.`~,. . ..`-.. . . . . . . . . . . . . . ..\. . /\
. . . . . . \`~.*-,. . . . . . . . . . . . . . . . . ..|,./…..\,__
,,_. . . . . }.>-._\. . . . . . . . . . . . . . . . . .|. . . . . . ..`=~-,
. .. `=~-,_\_. . . `\,. . . . . . . . . . . . . . . . .\
. . . . . . . . . .`=~-,,.\,. . . . . . . . . . . . . . . .\
. . . . . . . . . . . . . . . . `:,, . . . . . . . . . . . . . `\. . . . . . ..__
. . . . . . . . . . . . . . . . . . .`=-,. . . . . . . . . .,%`>–==“
. . . . . . . . . . . . . . . . . . . . _\. . . . . ._,-%. . . ..`\
Sigh.. idiot.
As always law makers should stop scratching their balls and create laws that help the country, not waste time and our (taxpayers) money with stupid crap like this.
Hey MO representative news flash: There is a lot of poverty, homeless and uneducated people in your state, why don’t you think of something to help those people?
Trust me. The Missouri Legislature has never bothered with the concept of trying to figure out anything works before implementing a law to curb it. They just don’t think (that way).
I suspect the most interesting facts in this case would be the amount of campaign contributions made to Democratic Rep. Joshua Peters of St. Louis by certain high-tech corporate interests whose name is NOT Apple.
This proposed legislation makes perfect sense to me. After all, with retailers having amply demonstrated their commitment and ability to safeguard all of my existing personal information with rigorous security, it should be obvious that adding to their personal information database about me is really in my best interests. Rep. Peters, you rock!
I live in a country where an elected official wants me to show an ID to make a purchase with my phone with a finger print but doesn’t care if I have an ID to show to prove that I’m who I say I am when I’m voting for said official. Crazy
Mmm …
I haven’t checked Missouri laws — but most states do not require presentation of Voter ID by citizens voting for these politicians that will limit their freedoms …
If this technology really produces as much fraud as Peters expects it will, it will cost its owners so much that it will either be quickly fixed, or withdrawn from the market. Therefore no such law is necessary or desirable.
Dems have a scatological *NEED* to control the masses.
Yes, that’s exactly what I meant to say; Dems are full of shit!
Ok, so let me get this straight, My phone is locked, and is secured by touch ID which is required by apple pay, and I still gotta show my ID?? If my phone is stolen how on earth can someone else use it.How can there be fraud??
Why do you use the statements “Determined to stymie the inevitable flood of fraudulent transactions using Apple Pay and other mobile wallets” and “already quite difficult to actually pull off thanks to safeguards like Touch ID”. Seems to be opposite views by the author in the same article.
This sounds almost illegal… so only apple pay, not currentc or credit cards? Yea ok that’s fair.
Let’s require a buggy whip with each car sold! Come on man! Really? Missouri has more important things to address!
Don’t worry, this won’t actually go anywhere. It doesn’t say how long the store has to “keep it on record,” but once the NRA finds out that a gun dealer would potentially have to store a purchaser’s information for longer than a day, they’ll shut this down in a hurry.
I have seen no proof that fraudulent charges have been done using Apple Pay to date. Using the fingerprint scanner on the iPhone verifies the customer that owns the phone that they are who they say they are. The banks verify the credit card you use and authorize that device to use it. You can’t forge a fingerprint on the iPhone unless you are some kind of 007 agent with millions of dollars. Maybe the lawmaker should investigate who really is doing the fraudulent charges first before trying to stymie technology that really works and is more secure than showing an ID which can be easily forged more than someones fingerprint. These old people in politics think because they don’t understand the technology it has to be bad. That’s just not right! Research how Apple Pay works and have a talk with Tim Cook from Apple before you make stupid laws which will make the situation worse, not better.
I think one needs to look at this from a certain viewpoint. In doing so, I come up with two distinct possibilities
1) The Straightforward – If you have a device – perhaps you made this device yourself – that transmitted information via NFC and you were able to then (obviously) tell it to transmit whatever you wanted, you wouldn’t need to break Apple Pay – you can just use the existing technology. Case in point – you now have a product called Loop Pay. I’m not saying Loop Pay isn’t secure, but if you could engineer your own Loop Pay technology, you could basically load anyone’s credit card onto your custom device. Now – I don’t know that this matters too much. I think that would be so much more effort than just encoding a mag strip on a blank card, if you’ve already got the information. But, I think you will see some kind of “hacks” or “engineering” around the fact that we are accepting and putting mobile payments up on a pedestal at the onset.
2) The Ulterior – What is more plausible is a desire to throw a wrench into the machine. By requiring an “ID” – Apple would actually have to change Apple Pay to display a name associated with a card on the Device. It would then only be a small step to mandate that Apple Pay “pass” the associated name to the merchant for every transaction. There goes anonymity. So, why would someone be motivated to do that?
A) Merchants motivating him so they can make Apple Pay workable for their marketing desires.
B) Government motivating him so they can get back to tracking purchases like Sudafed and fertilizer.